Re: [Exim] Configuration data that is sensitive

Góra strony
Delete this message
Reply to this message
Autor: Brian K. West
Data:  
Dla: Philip Hazel
CC: exim-users
Temat: Re: [Exim] Configuration data that is sensitive
Philip,
    I am inclined to say limit it to root only.  Anyone else shouldn't have
a use for this option.  I could give out additional info that is not needed
by a normal user.  But I am paranoid as hell.


Later,
Brian

----- Original Message -----
From: "Philip Hazel" <ph10@???>
To: <exim-users@???>
Sent: Friday, September 29, 2000 10:56 AM
Subject: [Exim] Configuration data that is sensitive


> It was pointed out recently that the -bP option in Exim (which shows the
> setting of one or more options) was rather more open that it should be,
> because options like mysql_servers can contain authentication
> information. I've just had a think about this. There are two possible
> approaches:
>
> (1) Just restrict the use of -bP to admin users. This is the easy thing
> to do. However, it seems a bit heavy handed.
>
> (2) Invent a notional flag that is set for certain options, restricting
> them to admin users only. This is not a huge amount of work, and I think
> there are only a few such options:
>
>    mysql_servers
>    pgsql_servers
>    all the query or queries options, because they can contain
>      password information in LDAP queries
>    server_secret     in authenticators
>    server_condition  in authenticators, because it might have an inline
>                        password
>    client_secret     in authenticators
>    client_send       in authenticators

>
> Does anyone have any views? I'm inclined to do (2).
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim

details at http://www.exim.org/ ##
>
>